CVE-2024-41969

Missing Authentication for Critical Function (CWE-306)

Published: Nov 18, 2024 / Updated: 1d ago

010
CVSS 8.8EPSS 0.05%High
CVE info copied to clipboard

Summary

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.

Impact

This vulnerability allows a low-privileged remote attacker to modify the configuration of the CODESYS V3 service. The potential impacts are severe, including: 1. Full system access: The attacker could gain complete control over the affected system. 2. Denial of Service (DoS): The attacker could disrupt the normal functioning of the system, making it unavailable to legitimate users. The CVSS v3.1 base score is 8.8 (High severity), with the following metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High This indicates that the vulnerability is relatively easy to exploit remotely and can have significant impacts on the confidentiality, integrity, and availability of the affected system.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

The vulnerability data provided does not mention any specific patch information. The security team should check with CODESYS for the latest security updates or patches addressing this vulnerability.

Mitigation

While no specific mitigation steps are provided in the vulnerability data, based on the nature of the vulnerability (missing authentication for critical function), the following general recommendations can be made: 1. Implement strong authentication mechanisms for all critical functions, especially those related to configuration changes in the CODESYS V3 service. 2. Limit network access to the CODESYS V3 service, allowing only trusted IP addresses or networks. 3. Monitor and log all access attempts and configuration changes to the CODESYS V3 service. 4. Implement network segmentation to isolate systems running CODESYS V3 from other parts of the network. 5. Apply the principle of least privilege, ensuring that users and processes have only the minimum necessary permissions. It's crucial to consult with CODESYS for specific mitigation strategies and to check for any available security updates or patches.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-41969

Nov 18, 2024 at 9:15 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Nov 18, 2024 at 9:20 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-41969. See article

Nov 18, 2024 at 9:22 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 18, 2024 at 9:22 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 20.6%)

Nov 19, 2024 at 9:42 AM
Static CVE Timeline Graph

Affected Systems

Codesys/codesys
+null more

Attack Patterns

CAPEC-12: Choosing Message Identifier
+null more

News

High - CVE-2024-41969 - A low privileged remote attacker may modify the...
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
WAGO: Multiple vulnerabilities in WAGO Firmware 04.05.10 (FW 27)
Nozomi reported eight vulnerabilities to WAGO affecting different firmwares installed on several devices. The identified vulnerabilities could lead to a denial-of-service attack or alter of the firmware and docker configuration.
CVE-2024-41969 - CODESYS V3 Missing Authentication Remote Configuration Bypass November 18, 2024 at 09:15AM https:// ift.tt/2BXzSj8 # CVE # IOC # CTI # ThreatIntelligence # ThreatIntel # Cybersecurity # Recon
CVE-2024-41969 - CODESYS V3 Missing Authentication Remote Configuration Bypass
CVE ID : CVE-2024-41969 Published : Nov. 18, 2024, 9:15 a.m. 53 minutes ago Description : A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. Severity: 8.8 HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple DevicesA low...
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
See 4 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI